Is there anyway we can use keep/invoke some kind of interceptor once
keycloak.json file has been read and object created by keycloak
adapter(code) for web application adapter. Which class get initialized and
create's object from installed JSON file?
While referring SPI section in there keycloak documentation found there is
Config class which has
hold that data but could not get much idea to write custom implementation
to inject data in object created by keycloak adapter.
Do not want to keep client key and keystore password in JSON file instead
can be pulled from somewhere else at run time and will inject into created
object with custom code.
Please do let me know if further information is required.
Thanks & Regards,
Hello, after upgrading to Keycloak 2.1.0 I have started to see that Keycloak is logging warnings like this:
WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-224) SQL Error: 0, SQLState: null
I am using MySQL Database.
Another thing I noticed with this is that I listen to this JMX for metrics:
for the ActiveCount metric
and I constantly see this being 18 despite having nearly no Keycloak usage. So it’s making me to think that there is a connection leak in Keycloak, because I should not see 18 active connections, when there is no load on Keycloak.
Could you please have a look at this? I don’t really remember seeing this issue in Keycloak 2.0.0, so I’m just guessing it could be just 2.1.0 issue as well…
I'm creating users programmatically from my java code,but the users
credential and roles are note "persisted" (I think), when the user try to
authenticate he get *Invalid username or password (*even if he is visible
in the admin console), If I define (from the admin console) a passe Word
for the user and use it he can access his account, but here come the 2
problem, even if I give him the right (role) to use a resource he gets
here is the code that I use to define users credential and role :
* CredentialRepresentation credential = new
I need to implement the following use case.
My web application is authenticated against a given realm on keycloak,
using a simple user / password authentication model. But a part of my web
app would require a stronger authentication mechanism (a second factor in
fact) based on the current user.
What's the "best" solution using keycloak ? I was thinking of two different
1. add an attibute in my OIDC token that could be named "level", and having
an adapter that would check the level of the token, and if not
corresponding, redirect to the realm that would ask for the second factor
2. Create a "2FA" realm,that would rely on the simple authentication
realm... but is it possible in the same web app (I mean, to use two realms)
Open to any ideas
So far I have been playing with KeyCloak and been able to set it up and
running the customer-portal example successfully. Now I need to actually
use it in my application, and I am not totally sure whether KeyCloak is the
thing that I am looking for, but I believe my need is just a common use
case and hopefully KeyCloak is the right software that I am looking for..
When a user comes to my website, he registers and makes a post. Both the
post and the user information is stored into databases, and the link
between the user and post, i.e. who made which post? So I have two tables
in my database: Post(id, post) and User(id,name), and another table
UserPost(PostID, UserID) to store linking information. This is all fine in
my own database.
But now when KeyCloak comes into play, the user first registers in KeyCloak
server and user information are stored in its own database there, which
seems unrelated to the database (Post and User) in my application. I don't
want to duplicate two User databases in two servers, right? Even if I can
tolerate the duplication, how to make the connection between KeyCloak
database and my application database? I am using JBoss, Hibernate/JPA in my
Maybe I am missing something in the way how to connect KeyCloak with my own
application. Is there any tutorial or documentation that I can read?